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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment See 37 CFR 1.704(b). 

Status 

1 )M Responsive to communication(s) filed on 16 March 2001 . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-34 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) K Claim(s) 1-34 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)Q The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)13 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)[3 All b)D Some * c)d None of: 

1 .Kl Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Claim Rejections - 35 USC § 101 

1. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

2. Claims 31-34 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. The language of the claim raises a 
question as to whether the claim is directed merely to an abstract idea that is not 
tied to a technological art, environment or machine which would result in a 
practical application producing a concrete, useful, and tangible result to form the 
basis of statutory subject matter under 35 U.S.C. 101 . 



Claim Rejections - 35 USC § 102 
3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 



4. Claims 1-7, 10-17, 20-26, and 29-30 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Koneru et al, hereinafter "Koneru", (US/5966705). 
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5. As per claims 1,12, and 20, Koneru discloses the Tracking a user across both 
secure and non-secure areas on the internet, wherein the users is initially tracked 
using a globally unique identifier" invention, which includes a system, method 
and program, for secure session management and authentication between a web 
site and a web client, said system comprising a web server, a web client and a 
communication channel, said web server coupled to said web client via said 
communication channel, said web server having a web site (Col 3 line 30 to Col 4 
line 59), said web site including: a) secure and non-secure web pages (Col 7 
lines 15-21); b) a non-secure communication protocol and a session cookie for 
allowing said web client access to said non-secure web pages (Col 2 lines 12- 
27); and c) a secure communication protocol and an authcode cookie for allowing 
said web client access to said secure web pages (Col 5 line 47 to Col 6 line 38, 
and Col 6 lines 39-43). 

6. As per claims 2 and 21 , Koneru discloses the method of claims 1 and 20, 
wherein said method also comprises the steps of: c) requesting said session 
cookie from said web client when said web client requests access to said non- 
secure web pages and verifying said requested session cookie (Col 2 lines 12- 
26); and d) requesting said authcode cookie from said web client when said web 
client requests access to said secure web pages and verifying said requested 
authcode cookie (Col 5 line 47 to Col 6 line 38, Col 6 lines 39-43, and Col 2 line 
63 to Col 3 line 6). 
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7. As per claims 3, 14, and 22, Koneru discloses the method of claims 2, 13, and 

21, wherein said method also comprises alternating between said secure 
communication protocol and said non-secure communication protocol when said 
web client alternates requests for access to said secure web pages and said 
non-secure web pages (Col 7 lines 22-67). 

8. As per claims 4, 15, and 23, Koneru discloses the method of claims 3, 14, and 

22, wherein said alternating between said secure communication protocol and 
said non-secure communication protocol is facilitated by a table which keeps 
track of said non-secure web pages and said secure web pages (Col 2 lines 48- 
52). 

9. As per claims 5 and 24, Koneru discloses the method of claims 4 and 22, 
wherein said web site uses said table to direct said web client to use said secure 
communication protocol or said non-secure communication protocol depending 
on whether said web client requests access to said non-secure web pages or 
said secure web pages (Col 2 lines 48-52, and Col 6 lines 16-38). 

1 0. As per claims 6, 1 6, and 25, Koneru discloses the method of claims 3, 1 3, and 
22, wherein said method also comprises allowing said web client to be a guest 
client or a registered client (Col 1 lines 50-55). 
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11. As per claims 7, 17, and 26, Koneru discloses the method of claims 6, 16, and 
25, wherein said method also comprises creating stored information including 
data contained in said session cookie, data contained in said authcode cookie 
and data about said web client (Col 2 lines 48-62). 



12. As per claims 10, 11, 13, 29, and 30, Koneru discloses the system of claims 8, 
12, 27, and 28, wherein said web site also includes: d) verification means for 
verifying said session cookie when said session cookie is requested from said 
web client (Col 2 lines 12-26); and e) verification means for verifying said 
authcode cookie when said authcode cookie is requested from said web client 
(Col 5 line 47 to Col 6 line 38, Col 6 lines 39-43, and Cot 2 line 63 to Col 3 line 6). 



Claim Rejections - 35 USC § 103 

13. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



14. Claims 8-9, 18-19, 27-28 and 31-32 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Koneru in view of Reiche. 
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15. As per claims 8, 18, and 27, Koneru discloses the method of claims 7, 17, and 26 
wherein said session cookie includes a pointer and said pointer pointing to said 
stored information, and a date portion (Col 5 line 47 to Col 6 line 44). Koneru 
does not teach the encrypted portion and said the encrypted portion includes a 
random portion and a date portion. Nevertheless, Reiche does teach a session 
cookie includes an encrypted portion and that portion also includes a checksum 
portion and the expiry time (Col 9 lines 1-12). Therefore, it is obvious at the time 
of the invention was made for one of ordinary skill in the art to combine both 
teaching to add more security feature to prevent hacking. 

16. As per claims 9, 19, and 28, Koneru discloses the method of claim 7, 17, and 26, 
However, Koneru does not teach the said authcode cookie includes an encrypted 
portion, said encrypted portion having a random portion and a date portion. 
Nevertheless, Reiche does teach a cookie used to authenticate a secured http 
connection, which has an encrypted portion including a random portion 
checksum and a data portion (Col 9 lines 1-12). Therefore, it is obvious at the 
time of the invention was made for one of ordinary skill in the art to incorporate 
both teaching to add more security feature to prevent hacking. 

17. As per claim 31 , computer program (Col 4 line 20) for creating a NAME attribute 
in a session cookie (Col 5 line 47), said computer program comprising the steps 
of: a) generating a useMd (Col 6 line 1); c) generating a session_timestamp (Col 
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6 line 9); d) appending said session_timestamp to said session_string to create 
an intermediate value (Col 5 lines 50-51 ). However, Koneru does not teach b) 
generating a session_string; e) applying a one way hash function to said 
intermediate value to create a final value; and f) storing said final value in said 
NAME attribute. Nevertheless, Reiche does teach the steps above (Col 8 line 65 
to Col 9 line 12). Therefore, it is obvious at the time of the invention was made 
for one of ordinary skill in the art to incorporate both teaching to add more 
security feature to prevent hacking. 

18. As per claim 32. Koneru discloses the computer program of claim 31 , wherein 
creating a PATH attribute, an EXPIRES attribute, a DOMAIN attribute and a 
SECURE attribute in said session cookie comprises the steps of: a) storing a 
slash in said PATH attribute; b) storing a null string in said EXPIRES attribute; c) 
storing a null string in said DOMAIN attribute; and d) storing a null string in said 
SECURE attribute (Col 5 line 48 to Col 6 line 44). 



Claim Rejections - 35 USC § 102 



19. 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 
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(e) the invention was described in (1 ) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



20. Claims 33 are rejected under 35 U.S.C. 102(e) as being anticipated by Reiche 
(US/6092196). 



21. As per claim 33, Reiche discloses the "HTTP Distributed Remote User 

Authentication System" invention, which includes a computer program (Col 8 line 
15) for creating a NAME attribute in an authcode cookie (Col 9 line 2), said 
computer program comprising the steps of: a) generating an authcode (Col 9 line 
3); b) generating an authcodejimestamp (Col 9 line 1); c) appending said 
authcodejimestamp to said authcode to create an intermediate value; d) 
applying a one way hash function to said intermediate value to create a final 
value (Col 9 lines 1-12); and e) storing said final value in said NAME attribute 
(Col 8 line 65 to Col 9 line 12). 



Claim Rejections - 35 USC § 103 
22. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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23. Claims 34 is rejected under 35 U.S.C. 103(a) as being unpatentable over Reiche 
in view of Koneru. 



24. As per claim 34, Rechie discloses the computer program of claim 33 wherein 
creating an EXPIRES attribute and other attributes in said authcode cookie. 
However, Rechie does not teach specifically the creating a PATH attribute, a 
DOMAIN attribute and a SECURE attribute in said authcode cookie comprises 
the steps of: a) storing a slash in said PATH attribute; b) storing a null string in 
said EXPIRES attribute; c) storing a null string in said DOMAIN attribute; and d) 
storing the string secure in said SECURE attribute. Nevertheless, Koneru does 
teach the creating steps above (Col 5 line 48 to Col 6 line 44) for its secure and 
non-secure session cookie. Therefore, it is obvious at the time of the invention 
was made for one of ordinary skill in the art to incorporate both teaching to 
prepare the authentication process. 



Conclusion 

25. Any inquiry concerning this communication from the examiner should be directed 
to Linh Son whose telephone number is (703)-305-8914 or Fax to 703-746-9821 . 

26. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor Kim Y. Vu can be reached at (703)-305-4393. The fax numbers for 
this group are (703)-872-9306 (official fax). Any inquiry of general nature or 
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relating to the status of this application or proceeding should be directed to the 
group receptionist whose telephone number is (703)-305-9600. 



Linh LD Son 




Patent Examiner 



